2022-09-28 Conda Community Meeting
Attendees
Name | Initials | Affiliation | GH Username |
---|---|---|---|
Dave Clements | DPC | Anaconda | tnabtaf |
Travis Hathaway | TH | Anaconda | travishathaway |
Cheng H. Lee. | CHL | Anaconda/c-f. | |
Bianca Henderson | BH | Anaconda | beeankha |
Jaime Rodríguez-Guerra | JRG | Quansight/c-f | jaimergp |
Daniel Ching | DJC | Argonne | carterbox |
Filipe Fernandes | FF | CF | ocefpaf |
Daniel Holth | DH | Anaconda | dholth |
John Kirkham | JK | NVIDIA/cf | jakirkham |
Sebastien Awwad | SA | Anaconda | awwad |
15 people total
Introductions
- Nope
Announcements
- Conda 22.9.0 has been released
New Agenda Items
- (KO) Calling votes on Deprecation Policy CEP
- (DPC) - conda.discourse.group will go live right after this call
- unless there are objections
- Announcement is here
- Will announce in Gitter, Twitter, Slack.
- Will also post to conda Google Group, and will suggest that we shut that down by end of 2022.
- Future conda, conda-build gitter channels
- (CHL) What should we do with
conda verify
and associated message inconda build
?- No releases since 2019; not actively maintained AFAIK
- JRG: I want this back in some form if we get funding :)
- JRG, CHL: in favor of removing the message from conda-build; worry about future of conda-verify later
- (DH) CCalling votes on Incremental repodata (.jlap) CEP
- (CHL) How should we handle Python patch releases that break things?
- Context:
- CVE-2020-10735 (
str
/int
denial-of-service): fixed in CPython 3.7.14, 3.8.14, 3.9.14, 3.10.7 - CVE-2015-20107 (ACE in
mailcap
module): fixed in CPython 3.11 beta. No progress upstream (yet) on backporting fixes to 3.7 - 3.9 branches.
- CVE-2020-10735 (
- conda-forge:
- Generally ships what upstream ships
- May give downstream packages (e.g., SymPy) warning before releasing update CPython packages
- Anaconda
- Will probably either backport
mailcap
patches and/or nuke the module frompython
packages
- Will probably either backport
- Context:
- (CHL) Starting to write a grammar for match specs
- (MB) CalVer
- (JRG) CalVer makes it explicit that there are no API guarantees.
- But hurts community developers who rely on stable APIs
- conda-build, conda-smithy, mamba would be hard to upgrade if forced to have tighter pins
- (MRB) Should we start a CEP or open an issue to formally define a stable API?
- (JRG) CalVer makes it explicit that there are no API guarantees.
What is this meeting for?
Various parts of the conda community gather on a regular basis. This meeting brings together all of these sub-communities for a community wide call.